From his site mentioned in summary: ...are you going to be keeping veto power over the name?
I think we can burn that bridge when we come to it....it's remotely possible that someone at Miramax or Lamy Pens or TeaDirect Tea may decide that this is a heaven-sent opportunity for cheap product placement, and it'll suddenly become the USS Latest Lindsay Lohan Movie or the SS TIVO RULES. But I sort of doubt it'll happen like that.
Sounds like he could be setting himself up for a lot of hurt.
Other than that, here is an interview with Neil Gaiman talking about this book and his previous one called American Gods and here is Google's Print of American Gods.
As for the Comic Book Legal Defense Fund, here is a site with some highlights of cases that they have helped.
Just out of interest, I wonder what would happen if, say, Japan had imprisoned a bunch of innocent US citizens at an offshore location, held them there for several years, and tortured them, without even charging them, let alone any other due process?
Similar to Vietnam?
I don't know why this reminds me of what you said but it seems to fit. No due process, torture, years at time of imprisonment. I guess the only charges that they could be held on were war charges. Or terrorist charges...I guess it all depends on who you ask.
As for Guantanamo, I agree that it's barbaric.
Making a profit I have no problems with whatsoever.
Making a profit through ads or subscriptions I have no problem with whatsoever.
Make a profit by monitoring where I go, how long I'm there, keeping a record of what I search for, and then selling that to whoever will pay your price I have a slight problem with.
This isn't about making a profit but selling my interests and habits.
It was NOT a jab at a big company. Replace AOL with any other company with same features and same TOS and I would have said the same thing.
As for private communication to you, I could care less. I have nothing to say to you that the world can't see.
And no, I don't expect AOL to "assign" someone to read my conversations. However, I'm sure the 92 million people who had their e-mail addresses sold by an employee didn't have anyone assigned to them too.
It is simple. They said they can. They said they won't. I'm personally not at all really concerned as the people that I would have conversations with over AIM I would just simply meet with if I wanted to talk private. However, if I had something to hide I would not rely on AOL's word to keep my information private.
This is a standard Apache feature. Virtually every website logs all requests - Yahoo is normal here, not the exception.
That is generally a normal operation for any webserver. I know my log I'll generally look it over and then delete it after a couple of weeks. What do they do with theirs? Sell it? Delete it? Use it just for research?
Given their other policies on ads it wouldn't surprise me if they sold it.
What does AOL being a giant multi-billion dollar company have to do with this?
Money has a tendency of corrupting. The bigger a company grows and the longer they are around the more likely you are to hear of some shady practices.
Please don't try to take a cheap jab at a company just for the sake of it being a company
I didn't for the sake of it being a company. I did it for the sake that they SAID in their TOS that they can. If AOL was meant to be a secure company then maybe I'd trust my secure communications with them.
Especially in this case since you've probably been leeching off AOL's servers for years without a second thought (you don't use the official AIM client with the revenue generating ads, do you?)
And why would I when they use interfaces I don't want and allow me to use someone else's for free?
I started using Yahoo! around 1998 when a friend in school told me about it. It was a nice portal with an extensive set of yellow pages, a messenger protocol, free webmail, and a chat program. Eventually the more I used it the more I became interested in Google as Yahoo! at the time was powered by Google. I eventually completely switched over to Google because of its clean, quick interface. I only use Yahoo! for my spam account and occasionally messenger because some people I know strictly use Yahoo!. Occasionally if Google doesn't return my expected search results I'll use Yahoo!, sometimes with success. As a search engine I'm really impressed but there are a few things they could work on for improvement.
- Clean up its portal or offer a simple search site without any excessive links.
- Quit tracking every damn thing I do on their site
- Stop sending me specific advertisements based on where I go instead of what I search
- Quit favoring select commercial companies in Yahoo! Mail to bypass the "Bulk folder".
- Clean up their Privacy policy.
Seriously though, has anyone read their privacy page? It's worse than AOL's AIM TOS.
To quote a few of their policies:
Yahoo! automatically receives and records information on our server logs from your browser, including your IP address, Yahoo! cookie information, and the page you request.
Yahoo! uses information for the following general purposes: to customize the advertising and content you see, fulfill your requests for products and services, improve our services, contact you, conduct research, and provide anonymous reporting for internal and external clients. aka "Sell your habits as an anonymous client to advertisers"
These companies may use your personal information to help Yahoo! communicate with you about offers from Yahoo! and our marketing partners.
The list goes on and on. That is the main reason I try to stay away from Yahoo!.
In court Microsoft claimed the e-mails were erased from employee's desktops, e-mail servers and server backups.
I don't know how Microsoft's IT structure works but I know at where I work we have snapshots of all of our data done every week and held for a month. Then at the month limit we archive our data for another year. Not to mention the nightly incremental backups. Essentially we can go back to any time of a week for a month, then in month increments and recover that snapshot.
I guess what I'm getting at is how exactly does a company lose "uninteresting" data spanning a period of 35 weeks unless it's intentional?
It would be near impossible for someone to cover one's tracks without going through only God knows how many tapes and erasing said data.
Looks like they had their cherry popped ;)
In all seriousness though, this looks like a perfect time to test the GPL in court (if they make it that far.)
Does their use of OSS without complying with GPL violate copyright laws or just licensing laws?
2b2. Using 2b1's verification post a general posting of "There is a problem with X" and let everyone know that you have already contacted the company as well as having verified the problem with Y. But that you can not yet release more information until date/time when the company has said the problem should be fixed and released to everyone.
Sounds like stereo instructions :P
In all seriousness though, in a perfect world where people have time to spend *hours?* following the "2-step" program this would be a great idea.
The point in releasing the exploit is to put pressure on the company to fix the problem. In my original post the scenario was that you send Foo Inc the exploit, they told you they would get on it, and never fixed it. If you can get a working dialog with a company who will actually FIX it then yes, don't release the exploit until a patch has been released.
It takes time to slow the bus down so it can come to a stop without killing everyone on board.
If you give the bus a 2-mile warning with flashing lights and it still has a disaster is it wrong on your part? Releasing the exploit to the company is the same as informing the driver of the road being out up ahead. As the driver gets closer still accelerating it's best to put a sign to remind the bus driver and alert the passengers what danger they are in by staying on the bus. If it's 10 feet or 10 miles, it's best to warn the passengers than not at all. If the company cooperates and releases a fix, then the passengers will still see the sign on the road and hear it from the driver. They should then take the driver's advice and follow him to the latest and greatest bus heading on a newer patched road.
As for fame and revenge, I can't argue with you there. But then again, these people seem to disregard ethics of a "white hat" anyway and will release the exploit no matter what.
Just my $0.02
Let's say I discover an exploit in Foo that allows me to have complete control of your computer. Foo is a very popular program used in homes to enterprises. Now let's say I send my exploit to Foo Company Inc. to have them patch it to prevent this horrible exploit from being..well..exploited. Foo sends you a "to-be-done" acknowledgement and that's the last you ever hear from them. Three service packs later and your exploit still works without a problem. If you discovered this exploit then so can someone else. This someone else could then use this exploit to their every desire (Think beyond viruses, i.e. blackmail, stock market, etc.)
What do you do?
Nag the company to fix it?
Tell everyone how horrible the company is without proof?
Release your exploit into the wild to pressure the company in patching it and giving them motivation to pay more attention to security?
Most exploits that are released typically occur after the vendor has been notified.
Personally I use my PDA almost every day for my job.
I use it to:
ssh into our Linux servers
ssh into firewall
TS into our Windows servers
VNC into desktops and laptops
Diagnose occasional network issue
bring up documents from our baseline
navigate the Internet for spec sheets (PDFs too) while working on devices
play the many games available
use the built in PIM functions (alarm, contact, todo, etc.)
A lot of things have come a lot easier since I have purchased it. It runs pretty stable and I hardly have to reboot it (I'm running a test OS.) Of course most of these tasks I can, and normally, do from my desktop. It's just easier if I'm working on a project out in our shop or if I'm at a different workstation and want to bring up all my tools.
I run OpenZaurus 3.5.2 (Linux) on a Zaurus 5500 with a CF Wireless card. I run the OS and software applications from a 256 MB sd card and still have plenty of room left over to expand upon. And when I'm on the road it's no big deal to take out the wireless card and put in my 1GB cf card for my music. Who needs iPod when you have xmms?
Not to mention that it also makes a great "wardriving" tool if you need to find an available AP. I have Kismet, Wellenreiter, nmap, and THC-Hydra installed as well.
Right now it's just a "what if" phase but it's been growing on me for a while now. Also, LinuxBIOS is not the only one I'm looking at as each open bios has their own limitations. I'll create a page for it at my site (down right now for maintenance) if you're interested with what I'm coming up with and/or want to share some thoughts. I'll have something up this weekend.
The software will also be opensource (probably GNU)
Our company had a few of its laptops stolen recently and I took the liberty of investigating some of these Laptop Tracker tools.
What they do is randomly check for an Internet connection and send out a packet to help track it down. If it is not connected it will try to dial a predetermined number to help locate it. The company who keeps track of all this information will then work with the authorities to track it down. It is not really dependent on the OS and can survive reformats.
The only problem is that all is lost if the thieves wipe out the partitions (which happens if you do a full install of say..Windows 2000 or XP.)
Since then I've been looking at creating my own that is independent of the OS and does not reside on any partition.
Using LinuxBIOS as a replacement for the original BIOS this miniature Linux has the potential to do whatever I need.
Set it up so it freezes on the lack of a dongle plugged in or have the ability to initialize the ethernet device and try to reach the outside world.
I doubt the project managers of LinuxBIOS had any of this in mind and it needs to mature a little bit more before this could really work, but once enabled, this project could really help out laptop owners.
My girl and I agree that if our child is a girl she can name it anything she wants and if it's a boy I can name it anything I want.
I'm shooting for Mark 2.0
Maybe you should go with networkBoy 2.0?
Isn't that just a fill tool? Paint does that.
No. Fill just goes until it meets a boundary. This colorization is a lot smarter than that. It appears to notice the boundaries by the sudden changes of the temperature in the color of pixels. That way it can then make an educated guess on how much to color and when to stop. You can then optimize this by putting in more than one input of the colors you want to change. This effect is really quite amazing. Scroll down and look at the gif video of the birthday party. JUST AMAZING.
"We're not evil. We promise. Trust us. Just because we say we can doesn't mean we will."
I personally use AIM but that doesn't mean that I'm going to trust any communications I want private with a giant multi-billion company.
with its Spyware Assassin site
I'm getting a blank page with the title "New Page 1"
Here is a google cache.
If it is possible to sue for "damages" then I'm sure at least one geek who is a lawyer would like to take a stab at it.
If anything else I'm sure that somewhere out there is a geek lawyer who wouldn't mind taking a shot at it if s/he could be reimbursed for expenses.
or rather if I could take calls on my PDA
You can.
"Will I be able to receive calls on my PDA?
Yes, Running Voice Software keeps the power on for the CF card and keeps the app active on the PDA so incoming calls will ring and be able to be answered. Of course, the downside of this is that your PDA is kept on and will continue to drain the battery."
That may be true but what is really lacking is the ability to play the radio through the speakerphone.
I've never seen FM radio on a phone in the US...
My Nokia purchased from RadioShack has a built in FM tuner.
The reception is decent but you have to have a headset plugged in before it will even work.
10,000,000 bytes IS 10 Gigabytes.
I guess it depends on if you're using the telecommunications version, which uses SI, or the more common, but improper, computer science version (which should really be using a Gibibyte.)
It is a lack of humans willing to produce content for these games.
Have you looked at Vega Strike?
Homepage
I would be interested in going.